wiki:IamTomcatConfig
Last modified 9 years ago Last modified on 12/09/11 11:41:08

IAM Projects / IAM Tomcat Configuration

This page documents various tweaks to the IAM Tomcat configuration.

  1. Elimination of weak SSL ciphers
    Add the ciphers option as shown below to the connector. You may need the SSLInfo Java app (which is attached below) to list available ciphers and to get a list of cipher names for use in the cipher option.
    ...
        <Connector port="8443" 
            protocol="HTTP/1.1" 
            SSLEnabled="true" 
            maxThreads="150" 
            scheme="https" 
            secure="true" 
            clientAuth="false" 
            sslProtocol="TLS"
            ciphers="SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_RSA_WITH_AES_128_CBC_SHA" />
    ...
    

Attachments